[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: only Kerberos authentication

--On Wednesday, July 28, 2004 1:22 PM +0200 Dieter Kluenter <dieter@dkluenter.de> wrote:

How can I set only gssapi authentication for Openldap

Don't allow any userPassword attribute and set appropriate security strength factor (ssf) rules, see man slapd.access(5). GSSAPI by the way has a sasl ssf 56.

That depends on the strength of your kerberos key. It is possible for GSSAPI to have a higher SASL SSF.


-- Quanah Gibson-Mount Principal Software Developer ITSS/Shared Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html